serisec

Category: cloud computing

  • On Microsoft’s Lousy Cloud Security

    On Microsoft’s Lousy Cloud Security ProPublica has a scoop: In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings. The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an…

  • New Attacks Against Secure Enclaves

    New Attacks Against Secure Enclaves Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I’ve written about this before: Almost all cloud services have to perform some computation on our data. Even the simplest storage provider has code to copy bytes…

  • UK Is Ordering Apple to Break Its Own Encryption

    UK Is Ordering Apple to Break Its Own Encryption The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big…